<?php
/* -------------------------------------------------------------------------------------
* 	ID:						$Id: class.sessions.php 135 2013-09-22 07:30:55Z phone.mueller@googlemail.com $
* 	Letzter Stand:			$Revision: 135 $
* 	zuletzt geaendert von:	$Author: siekiera $
* 	Datum:					$Date: 2013-09-22 07:30:55 +0000 (Sun, 22 Sep 2013) $
*
* 	SEO:mercari by Siekiera Media
* 	http://www.seo-mercari.de
*
* 	Copyright (c) since 2011 SEO:mercari
* --------------------------------------------------------------------------------------
* 	based on:
* 	(c) 2000-2001 The Exchange Project  (earlier name of osCommerce)
* 	(c) 2002-2003 osCommerce - www.oscommerce.com
* 	(c) 2003     nextcommerce - www.nextcommerce.org
* 	(c) 2005     xt:Commerce - www.xt-commerce.com
*
* 	Released under the GNU General Public License
* ----------------------------------------------------------------------------------- */

class sessions {

	public $session_name = 'mercari';
	public $check_user_agent = SESSION_CHECK_USER_AGENT;
	public $check_ip_address = SESSION_CHECK_IP_ADDRESS;
	public $secure_word = 'secure_mercari';
	public $_db;

	function __construct() {
		global $db;
		$this->_db = $db;

		if(STORE_SESSIONS == 'mysql')
			$this->_set_handler();
		else
			session_save_path(SESSION_WRITE_DIRECTORY);

		session_name($this->session_name);

		@ini_set("session.gc_maxlifetime", 3600);
		@ini_set("session.gc_probability", 100);
	}

	function _set_handler()	{
		session_set_save_handler(array(
			'sessions',
			'_sess_open'
		) , array(
			'sessions',
			'_sess_close'
		) , array(
			'sessions',
			'_sess_read'
		) , array(
			'sessions',
			'_sess_write'
		) , array(
			'sessions',
			'_sess_destroy'
		) , array(
			'sessions',
			'_sess_gc'
		));
	}

	function _sess_open($save_path, $session_name) {
		return true;
	}

	static function _sess_close() {
		return true;
	}

	function _sess_read($key) {
		$value = $this->_db->db_query("SELECT value FROM ".TABLE_SESSIONS." WHERE sesskey = '".$key."' AND expiry > '".time()."'");
		if($value->fields['value'] != "")
			return $value->fields['value'];

		return false;
	}

	static function _sess_write($key, $val) {
		global $SESS_LIFE;

		$_sess_db = new mercari_db();

		$expiry = time() + $SESS_LIFE;

		return $_sess_db->db_query("REPLACE INTO ".TABLE_SESSIONS." (sesskey, expiry, value) VALUES ('".$key."', '".$expiry."', '".addslashes($val)."') ");

	}

	function _sess_destroy($key) {
		global $current_domain;
		setcookie(session_name(), '', time() - 3600, DIR_WS_CATALOG, $current_domain);

		$this->_db->db_query("DELETE FROM ".TABLE_SESSIONS." WHERE sesskey = '".$key."'");
		return true;
	}

	function _sess_gc($maxlifetime) {
		$this->_db->db_query("DELETE FROM ".TABLE_SESSIONS." WHERE expiry < '".time()."'");
		return true;
	}

	function _sess_recreate() {
		global $current_domain, $session;
		$session_backup = $_SESSION;
		session_destroy();
		if(STORE_SESSIONS == 'mysql') {
			$this->_set_handler();
		}
		$this->_sess_start();
		foreach($session_backup as $key => $data) {
			$_SESSION[$key] = $data;
		}
		unset($session_backup);
		return true;
	}

	function _sess_start() {
		global $current_domain;
		session_start();
		$_SESSION[session_name().'_fprint'] = $this->_sess_fingerprint();
		return true;
	}

	function _sess_check() {
		$check = (isset($_SESSION[session_name().'_fprint']) && $_SESSION[session_name().'_fprint'] == $this->_sess_fingerprint());
		return $check;
	}

	function _sess_fingerprint() {
		$fingerprint = $this->secure_word;
		if($this->check_user_agent) {
			$http_user_agent = strtolower($_SERVER["HTTP_USER_AGENT"]);
			$http_user_agent2 = strtolower(getenv("HTTP_USER_AGENT"));
			$http_user_agent = ($http_user_agent == $http_user_agent2) ? $http_user_agent : $http_user_agent.';'.$http_user_agent2;
			$fingerprint.= $http_user_agent;
		}
		if($this->check_ip_address)
			$fingerprint.= get_ip_address();
		
		return md5($fingerprint);
	}
}
?>